package com.xms.security.api.controller;


import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.xms.core.config.FinalValueDefaults;
import com.xms.core.module.ModuleCollection;
import com.xms.security.api.model.EditRolePermissionsModel;
import com.xms.security.api.model.RolePermissionItemModel;
import com.xms.security.entity.RoleObjectAccess;
import com.xms.security.service.dataauth.IRoleObjectAccessService;
import com.xms.utils.CollectionUtil;
import com.xms.utils.UUIDUtil;
import com.xms.web.framework.controller.ApiBaseController;
import com.xms.web.framework.model.JsonResultObject;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

import java.util.ArrayList;
import java.util.List;
import java.util.UUID;

/**
 * <p>
 * 前端控制器
 * </p>
 *
 * @author migo
 * @since 2021-09-04
 */
@RestController
@RequestMapping("/{org}/api/security/roleobjectaccess")
public class RoleObjectAccessController extends ApiBaseController {
    private IRoleObjectAccessService _roleObjectAccessService;

    @Autowired
    public RoleObjectAccessController(IRoleObjectAccessService roleObjectAccessService) {
        _roleObjectAccessService = roleObjectAccessService;
    }

    @ApiOperation("查询角色权限")
    @GetMapping("list")
    public JsonResultObject list(@RequestParam(value = "roleid", required = true) UUID roleid,
                                 @RequestParam(value = "resourcename", required = true) String resourcename) {
        LambdaQueryWrapper<RoleObjectAccess> queryWrapper = new LambdaQueryWrapper<>();
        queryWrapper.eq(RoleObjectAccess::getRoleid, roleid);
        queryWrapper.eq(RoleObjectAccess::getObjecttypecode, ModuleCollection.getIdentity(resourcename));
        return JOk(_roleObjectAccessService.list(queryWrapper));
    }

    @ApiOperation("保存角色权限")
    @PostMapping("save")
    public JsonResultObject save(@RequestBody EditRolePermissionsModel model) {
        if (model.roleId.equals(FinalValueDefaults.ADMIN_ROLEID)) {
            return JError("管理员权限不允许编辑");
        }
        int typeCode = ModuleCollection.getIdentity(model.resourceName);
        _roleObjectAccessService.deleteByRole(model.roleId, typeCode);
        if (CollectionUtil.notEmpty(model.items)) {
            List<RoleObjectAccess> roleObjectAccess = new ArrayList<>();
            for (RolePermissionItemModel item : model.items) {
                if(item == null || UUIDUtil.isEmpty(item.objectId)) continue;
                RoleObjectAccess roa = new RoleObjectAccess();
                roa.setRoleid(model.roleId);
                roa.setObjectid(item.objectId);
                roa.setObjecttypecode(typeCode);
                roa.setRoleobjectaccessid(UUIDUtil.get());
                roa.setAccessrightsmask(item.mask == null ? 0 : item.mask);
                if (roa.getAccessrightsmask() >= 0
                        && !roleObjectAccess.stream().anyMatch(x -> x.getObjectid().equals(item) && x.getObjecttypecode() == typeCode)) {
                    roleObjectAccess.add(roa);
                }
            }

            if (CollectionUtil.notEmpty(roleObjectAccess)) {
                _roleObjectAccessService.saveBatch(roleObjectAccess);
            }
        }
        return JSaveSuccess();
    }
}
